For reference, I’ve added crt.sh links for the replacement certificates below.
> On Jul 29, 2017, at 09:08, kaddachi olfa via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > https://crt.sh/?id=15126121 is an expired certificate (notBefore March 2016; > notAfter March 2017) issued by this CA which has a wildcard name in the > common name while the SAN contains specific domain names that would be > covered by the wildcard only. > > ==> The CA has revoked the certificate https://crt.sh/?id=15126121 on > 2016-03-21 when the CA discover the mistake in the SAN extension. A new > certificate is issued on the same day (2016-03-21) with the right SAN > (*.sonede.com.tn). See the certificate below: > https://crt.sh/?id=15597407 > https://crt.sh/?id=10975511 is an expired certificate with a notBefore of Oct > 2015 and notAfter of Oct 2016 issued by this CA with an iPAddress SAN of > 127.0.0.1. (I believe that by 2014, the BRs rohibited issuing internal name > certs with validity past November 2015.) > > ==>Yes https://crt.sh/?id=10975511 is an expired certificate which contain an > IPAddress SAN of 127.0.0.1. The new certificate for the end entity > (mail.tunisiaexport.tn) has been issued by the CA on 14-12-2016. See > certificate below: https://crt.sh/?id=180718609 > https://crt.sh/?id=79470561&opt=cablint is a certificate for the internal > name 'adv-ail.calladvance.local' issued by this CA with a not Before of 2017. > > ==> The CA proceeded to notify the end entity of the certificate > https://crt.sh/?id=79470561&opt=cablint. The certificate is revoked on > 28/07/2017 and replaced by a new certificate which does not contain in SAN > extension the internal name "adv-mail.calladvance.local". See ertificate > below: https://crt.sh/?id=180718608 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
